<?php

namespace Desktopd\MUA;


// TCP client (with TLS support) - Settings management
class TCPClient {
    /*
        Flags
    */
    
    // TLS connection from the beginning (not STARTTLS)
    const FLAG_TLS_FULL = 1;
    
    // ** No verification **
    // should be used with the certificate pinning as the bottom line
    const FLAG_TLS_INSECURE = 2;
    
    
    /*
        List of TLS ciphers in the preferred order
        https://wiki.mozilla.org/Security/Server_Side_TLS
        (last modified on 4 March 2015, at 06:46)
        
        Note: Added TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        and TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        at the first of each list (like Chromium)
    */
    const TLS_CIPHERS_SECURE = 'ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    
    const TLS_CIPHERS_COMPAT = 'ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    
    
    // default settings for new connections
    protected $timeout = 30;
    protected $connectionTimeout = 30;
    protected $ciphers = self::TLS_CIPHERS_COMPAT;
    protected $caFile = false;
    
    public function __construct () {
        
    }
    
    public function setCA ($certificate) {
        $this->caFile = new TemporaryFile();
        $this->caFile->write($certificate);
    }
    
    public function getCAFile () {
        if ($this->caFile instanceof TemporaryFile) {
            return $this->caFile->getPath();
        }
        
        return false;
    }
    
    public function setCipherList ($ciphers) {
        $this->ciphers = $ciphers;
    }
    
    public function setTimeout ($timeout) {
        if (!is_numeric($timeout) || $timeout < 1) {
            return false;
        }
        
        return $this->timeout = (int) $timeout;
    }
    
    public function setConnectionTimeout ($timeout) {
        if (!is_numeric($timeout) || $timeout < 1) {
            return false;
        }
        
        return $this->connectionTimeout = (int) $timeout;
    }
    
    public function getTimeout () {
        return $this->timeout;
    }
    
    public function getConnectionTimeout () {
        return $this->connectionTimeout;
    }
    
    public function getCipherList () {
        return $this->ciphers;
    }
    
    // returns TCPClientConnection
    public function createConnection ($host, $port, $flags = 0) {
        return new TCPClientConnection($this, $host, $port, $flags);
    }
}


// vim: ts=4 et ai

